From patchwork Tue Aug  8 23:27:26 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jim Mattson <jmattson@google.com>
X-Patchwork-Id: 9889293
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	494F5601EB for <patchwork-kvm@patchwork.kernel.org>;
	Tue,  8 Aug 2017 23:28:14 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3A5B928944
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue,  8 Aug 2017 23:28:14 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2D7032894C; Tue,  8 Aug 2017 23:28:14 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C346228944
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue,  8 Aug 2017 23:28:13 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752333AbdHHX2L (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 8 Aug 2017 19:28:11 -0400
Received: from mail-pg0-f53.google.com ([74.125.83.53]:35551 "EHLO
	mail-pg0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752143AbdHHX2K (ORCPT <rfc822; kvm@vger.kernel.org>);
	Tue, 8 Aug 2017 19:28:10 -0400
Received: by mail-pg0-f53.google.com with SMTP id v189so20672312pgd.2
	for <kvm@vger.kernel.org>; Tue, 08 Aug 2017 16:28:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=SOxz1gVq2jN5KqCIvfowU849IeU54u2AAwG+w8xalhM=;
	b=Sa0eVIhE6EAjKMzDHPBYBwzLnogl0TAIuxxJdCp8zUb9znO5jz7XyE7NpFOYwkbIk6
	4Kj3TtP/6zrp4fNdYsPN9tCZ+EAibI27qFQpk428mAwP63afLjpZQjGRxY2FgLD4R81K
	sdABaw+sChgSqND5+PggEaoeoBfKn0nPSgYS6pLp1R3Mv3gh7F3C+Y6Ke08AxJvFFZao
	X4lIWRvqH25UPmVIjClr6JD2hvZDeE5X02PHe4u6tXoypH/PrRO0crcUWXo26ZZOJL6e
	FLdO/0uHyJUNp913tCj0e9mLlJqQwRkFLoe1NVhoQSXE464OMnqHOifxq/7HKuuMLiYx
	dAzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=SOxz1gVq2jN5KqCIvfowU849IeU54u2AAwG+w8xalhM=;
	b=rkg3y7Hhe3hSEfUF8MXYlxIyMUFqR35USZaFbqbfPIYhKcMP3PdAa3EQBQ6iBprjfw
	vaumR2+AIdGuB1CfsYgHFgeHKKq+97oUMXrrZqqqPyivb86c8dRcf44APNenpdTup5t+
	32p3sCdNsQm77Zdh6Yt3QzZMhhpYuyyxgWqWfvvmVUozb4kHtMtQ/XRqhY3MZ8ylGojR
	gK1s0AGPmR4ouOXBM7ntxwLA9/b2+F7/Or+1e7Cvme/TXsVjVxuTV0qt7iTXNvoUqhZ3
	42FdgBkxUxIUP336cuk9fI1UjLN5Z09Bjh/fPG29lu3cF4TQ2xE5FfOButnX21Hh/w7D
	nlXg==
X-Gm-Message-State: AHYfb5gIKvfJl8Z+ZIMtA36FRvzokEwNk57xhnldj1bHHMspj2en92ic
	jTAd4fIXYA79HJk1CELQjA==
X-Received: by 10.98.81.1 with SMTP id f1mr6109549pfb.94.1502234889664;
	Tue, 08 Aug 2017 16:28:09 -0700 (PDT)
Received: from turtle.sea.corp.google.com ([172.31.88.24])
	by smtp.gmail.com with ESMTPSA id
	k186sm4689583pfc.173.2017.08.08.16.28.08
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 08 Aug 2017 16:28:08 -0700 (PDT)
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: Jim Mattson <jmattson@google.com>
Subject: [PATCH] kvm: x86: Disallow illegal IA32_APIC_BASE MSR values
Date: Tue,  8 Aug 2017 16:27:26 -0700
Message-Id: <20170808232726.118570-1-jmattson@google.com>
X-Mailer: git-send-email 2.14.0.434.g98096fd7a8-goog
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Host-initiated writes to the IA32_APIC_BASE MSR do not have to follow
local APIC state transition constraints, but the value written must be
valid.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/kvm/x86.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d734aa8c5b4f..fb786d9feef1 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -313,10 +313,11 @@ int kvm_set_apic_base(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	u64 reserved_bits = ((~0ULL) << cpuid_maxphyaddr(vcpu)) |
 		0x2ff | (guest_cpuid_has_x2apic(vcpu) ? 0 : X2APIC_ENABLE);
 
+	if ((msr_info->data & reserved_bits) != 0 ||
+	    new_state == X2APIC_ENABLE)
+		return 1;
 	if (!msr_info->host_initiated &&
-	    ((msr_info->data & reserved_bits) != 0 ||
-	     new_state == X2APIC_ENABLE ||
-	     (new_state == MSR_IA32_APICBASE_ENABLE &&
+	    ((new_state == MSR_IA32_APICBASE_ENABLE &&
 	      old_state == (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE)) ||
 	     (new_state == (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE) &&
 	      old_state == 0)))
@@ -7444,7 +7445,8 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
 	kvm_x86_ops->set_efer(vcpu, sregs->efer);
 	apic_base_msr.data = sregs->apic_base;
 	apic_base_msr.host_initiated = true;
-	kvm_set_apic_base(vcpu, &apic_base_msr);
+	if (kvm_set_apic_base(vcpu, &apic_base_msr))
+		return -EINVAL;
 
 	mmu_reset_needed |= kvm_read_cr0(vcpu) != sregs->cr0;
 	kvm_x86_ops->set_cr0(vcpu, sregs->cr0);